Special report: Should we expect some privacy in our cars?

High-tech solutions to traffic congestion could be a godsend — just ask anyone who tries to maneuver rush hour in Brussels.

But as the European Commission tries to make cities run more smoothly with increasingly sophisticated automotive software, the data protection implications of a data breach are impossible to ignore.

A case in point: The European Data Protection Supervisor was asked last year by the Commission to give his opinion on the provision of EU-wide, real-time traffic information.

And there are unmistakable signs that data is the new currency for auto manufacturers. In August, Nokia’s mapping and navigation software Here was bought by three rival German car makers — Audi, BMW and Daimler — who teamed up to make the €2.8 billion bid. As the fully autonomous driverless car comes closer to reality, mapping data and technologies that allow cars to “talk” to each other will become ever more ubiquitous.

But you may also wonder whether data from a car is really personal data. According to the EU’s Article 29 Working Party, a group made up of data protection authorities from each member state, location data from smart mobile devices is generally considered personal data since individuals can be directly or indirectly identified through their patterns of movement. That also applies to cars.

For example, if someone knows your car is stationary in a certain place from 10 p.m. until 8 a.m. most nights of the week, they can infer where you live. Likewise, if it is sitting in a company garage during working hours, five days a week, snoopers now know where you work as well.

But it’s not just location data that connected cars collect. Many models now feature a computer, phone and camera all rolled into one motorized package. Some cars can even monitor physical data, such as pulse or breathing rates. Such sensitive information may be a potential disaster for personal privacy, but it’s also a goldmine for companies. BMW board member Ian Robertson revealed in January that the company had been inundated with requests for access to vehicle data from technology and advertising companies.

Car manufacturers know that it’s not just the EDPS and A29WP who care about privacy. Customers are also asking for more data protection and companies are reacting. In the U.S., several major automakers voluntarily banded together to create the Consumer Privacy Protection Principles For Vehicle Technologies and Service. In June, Audi CEO Rupert Stadler promised to protect driver privacy. And BMW now installs firewalls in its vehicles as standard equipment to prevent hacks, and has resisted requests for access to vehicle data.

The Commission, too, has come up with ideas about how car data should be regulated, championing the principles of purpose limitation, data minimization and data quality. It also created a list of the sort of data that can be shared. However, the EDPS is concerned that this list is not exhaustive and therefore member states would be at liberty to make their own additions.

The A29WP has also drawn up a report that urges manufacturers to adopt “privacy by design.” It says that concerns over processing of personal data should not be an obstacle to innovation but that nonetheless technological advances must be weighed against personal data safeguards.

The A29WP suggests various precautions for companies that want to use data from connected vehicles without losing customers’ trust.

Firstly, raw data should be deleted as soon as the information for the authorized processing has been extracted. The group recommends that this take place on the customer’s device to minimize transfers of data. It also suggests that constant location identification of users not be allowed.

Users should be in control of their own data, but the onus is on the company to explain clearly what is and isn’t being done with personal data. Customers should be informed under which circumstances data is collected and for what purposes it is processed. They should also be able to withdraw consent and opt out of data processing at any time, the A29WP argues.

The group has even considered the privacy concerns of those using rented vehicles, saying that under no circumstances should profiles be accessible to subsequent drivers.

The recent debate around the new European emergency eCall services highlights how important privacy is to drivers. “We are frequently getting contacted by citizens concerned that by having eCall installed in their vehicles, their location will be continuously tracked, their driving habits monitored and their private life infringed,” said the Commission in a document on the topic.

The Commission took pains to point out that the eCall in-vehicle system “remains dormant (that means not connected to the mobile phone networks) until a serious accident happens, therefore no tracking or transmission of data takes place during the normal operation of the system.”

And even in the event of an accident, only the minimum amount of data strictly needed by the emergency services is transmitted — namely the vehicle identification number, vehicle type and propulsion, timestamp, vehicle direction, current and previous positions, and number of passengers.

But although eCall does not constantly track location, the same cannot be said for private services — some do, some don’t. The best advice to vehicle owners on this topic and the privacy of automotive data in general is: if you’re not sure, find out.